How to configure the VPN tunnel to allow only specific ports/protocols on the PIX/Adaptive Security Appliance (ASA)


By default, the security appliance allows IPsec packets to bypass interface access control lists (ACLs). In order to allow only specific traffic through a VPN tunnel, disable that bypass and apply interface access lists to the decrypted traffic. Complete these steps (in addition to the basic VPN configuration) on the PIX/ASA:

1. Use the no form of these commands in order to disable sysopt connection permit-ipsec on PIX version 6.3 and sysopt connection permit-VPN on PIX/ASA version 7.x.

2. Create an access-list for traffic that enters the outside interface. Refer to this access-list example in order to allow only Telnet traffic:

access-list outside_in extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 23

3. Create an access group and bind it to the outside interface. For example:

access-group outside_in in interface outside
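The three steps above put together as a complete fragment for PIX/ASA 7.x. This is an added example, not configuration from the original article; it assumes the remote VPN LAN is 192.168.1.0/24, the local LAN behind the inside interface is 192.168.2.0/24, and the site-to-site tunnel itself (ISAKMP policy, crypto map) is already in place. It extends the article's Telnet-only case to Telnet plus SSH and adds an explicit logged deny so that blocked tunnel traffic is visible in syslog.

```cisco
! Added example (not from the original article). Assumes ASA/PIX 7.x with an
! existing site-to-site tunnel; remote LAN 192.168.1.0/24, local LAN 192.168.2.0/24.

! Step 1: stop decrypted IPsec traffic from bypassing the outside ACL
no sysopt connection permit-vpn

! Step 2: permit only what the tunnel should carry. The ACL is evaluated after
! decryption, so source is the remote LAN and destination is the local LAN.
! IKE (UDP/500) and ESP are terminated on the appliance itself and are not
! subject to this interface ACL, so they need no permit line here.
access-list outside_in extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 23
access-list outside_in extended permit tcp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 eq 22
! Explicit deny with logging: anything else arriving over the tunnel is dropped
! and logged, which makes unexpected traffic from the peer easy to spot.
access-list outside_in extended deny ip any any log

! Step 3: bind the list inbound on the outside interface
access-group outside_in in interface outside

! Verification: hit counts on the permit lines should increase for allowed
! sessions, while the deny line's hit count shows what is being blocked.
show access-list outside_in
```

If the outside interface already carries an access-group for non-VPN inbound traffic, add these lines to that existing list rather than binding a second one, since an interface accepts only one inbound ACL.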

